I am deploying an Exchange 2016 install onto a 2012 R2 server, and I keep running into an issue where Outlook keeps trying to point to the local name of the server, which throws up an SSL cert error. The server's real name is exchange.local.com. I am aware that having a *.com name for a local domain is not good policy, but that was the hand I was dealt. The Exchange 2016 is up and running, and hosting an email domain for @email.com. The accounts propagate, send and receive email correctly. The public facing domain that points to the Exchange server is @public.net. So the flow should go as follows:
(email DNS hosted on GoDaddy) firstname.lastname@example.org > (public) exchange.public.net (DNS hosted on GoDaddy) > public facing IP of server, which our firewall NATs to the internal IP.
I have an SSL cert from DigiCert that includes the exchange.public.net and autodiscover.public.net SANs, and it is properly loaded onto the Exchange server. I can load up the OWA, and it shows it as a secure connection from https://exchange.public.net. I ran the Microsoft online tool, and after giving it all of the proper account information, it resolves everything just fine, using the SRV for autodiscover for the email domain @email.com, finding it routing to exchange.public.net just fine, even giving a perfect SSL handshake along the way.
WHY then, does Outlook continue to point to the internal address of exchange.local.com, which of course throws up the SSL cert error every time someone opens their Outlook?
I have gone through and pointed every internal and external URL and URI to https://exchange.public.net. I have set up the split-DNS entries for the lxgx.net domain inside of my local.com forest. I also checked the SCP in the Sites and Services of the local.com domain, and that points to https://exchange.public.net/autodiscover as it should.
NSLookups all resolve, both internally and externally to exactly where they are supposed to. DNS entries resolve to exchange.public.net when pinging exchange.local.com.
Yet Outlook still pops up an SSL error saying it is trying to connect to Exchange.local.com. WHY?
Also, if I log in to an off-prem computer, and set up the Exchange account in Outlook using the 'connect by proxy' settings, the first time it connects, it will authenticate perfectly, giving no SSL errors. However, upon closing Outlook and re-opening, when it is trying to reconnect, it never does, because it changes the server it is trying to connect to back to the internal address.
Outlook injects the local address of the server into the server information, even though the computer is not on-prem, meaning that the user can no longer connect to their mailbox!
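As an added example, not from the original post: a PowerShell audit of every namespace Exchange 2016 hands to Outlook through Autodiscover (the SCP, Outlook Anywhere hostnames, MAPI/HTTP and the other virtual directories), flagging any value that is empty or still carries a name other than the public one, followed by the SANs on the certificate bound to IIS. It assumes the server's short name is `exchange` and that exchange.public.net is the intended name, as in the question; run it in the Exchange Management Shell.

```powershell
# Added example (not the poster's own): audit the namespaces Outlook learns from Autodiscover.
# Assumptions: short server name 'exchange', expected public name 'exchange.public.net'.
$Expected = 'exchange.public.net'
$Server   = 'exchange'

function Test-Namespace($Value) {
    # Virtual directory URLs are System.Uri; Outlook Anywhere hostnames are bare names.
    if ([string]::IsNullOrEmpty("$Value")) { return 'EMPTY' }
    $h = if ($Value -is [uri]) { $Value.Host } else { "$Value" }
    if ($h -ieq $Expected) { 'OK' } else { 'MISMATCH' }
}

# Each entry: a label and the values Outlook actually ends up using for that service.
$Checks = @(
    @{ Name = 'Autodiscover SCP'; Values = @((Get-ClientAccessService -Identity $Server).AutoDiscoverServiceInternalUri) },
    @{ Name = 'Outlook Anywhere'; Values = @(Get-OutlookAnywhere -Server $Server | ForEach-Object { $_.InternalHostname; $_.ExternalHostname }) },
    @{ Name = 'MAPI/HTTP';        Values = @(Get-MapiVirtualDirectory -Server $Server | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }) },
    @{ Name = 'EWS';              Values = @(Get-WebServicesVirtualDirectory -Server $Server | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }) },
    @{ Name = 'OAB';              Values = @(Get-OabVirtualDirectory -Server $Server | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }) },
    @{ Name = 'ActiveSync';       Values = @(Get-ActiveSyncVirtualDirectory -Server $Server | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }) },
    @{ Name = 'OWA';              Values = @(Get-OwaVirtualDirectory -Server $Server | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }) },
    @{ Name = 'ECP';              Values = @(Get-EcpVirtualDirectory -Server $Server | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }) }
)

foreach ($c in $Checks) {
    foreach ($v in $c.Values) {
        # Any EMPTY or MISMATCH line is a namespace that can still surface the internal FQDN.
        '{0,-9} {1,-16} {2}' -f (Test-Namespace $v), $c.Name, "$v"
    }
}

# The certificate bound to the IIS service must carry every public name listed above.
Get-ExchangeCertificate -Server $Server |
    Where-Object { $_.Services -match 'IIS' } |
    Select-Object Thumbprint, NotAfter, @{ n = 'Domains'; e = { $_.CertificateDomains -join ', ' } }
```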